Getting VoIP Clients to Work behind a NAT Firewall

Updated on April 19, 2012


Problems with NAT and VoIP

Most private Internet devices sit behind a NAT router. NAT stands for Network Address Translation. It's what prevents the public Internet from directly accessing any device on a private network. This has several security benefits and is standard practice throughout the world. Unfortunately, it poses a problem for SIP VoIP calls: not during the SIP initiation itself, but once the actual audio stream is being sent. This is because the voice media switches to the RTP protocol after the call has been set up. SIP by itself provides no indication of how a VoIP client sitting behind a NAT can be reached directly by a public SIP server.

A VoIP device behind NAT has no way of knowing what its real public IP address is. During SIP call setup, the client and server agree on the ports they will later use to communicate over RTP. However, if the VoIP client doesn't know its real public IP address, it will send its private address instead, which is completely unroutable over the Internet. There is no single solution to work around this problem. Different SIP providers and clients use varying techniques to overcome it. It can safely be said that the majority of VoIP audio problems come down to some problem with the NAT configuration.
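The failure described above can be spotted from the server side by reading the SDP body of the INVITE and checking where the client asks to receive RTP. The following is an added example, not code from the original article: the SIP message is constructed sample data, the function names are hypothetical, and `observed_src_ip` is assumed to be the source address the server saw the packet arrive from.

```python
import ipaddress
import re

# RFC 1918 private ranges: never routable over the public Internet.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SIP INVITE from a client behind NAT (all values are sample data).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK74bf9\r\n"
    "Contact: <sip:alice@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def sdp_media_targets(sip_message):
    """Return (media, address, port) for each stream the sender wants to receive."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_addr, targets = None, []
    for line in body.splitlines():
        conn = re.match(r"c=IN IP4 (\d+\.\d+\.\d+\.\d+)", line)
        media = re.match(r"m=(\w+) (\d+) ", line)
        if conn and not targets:
            session_addr = conn.group(1)        # session-level default
        elif conn:
            targets[-1][1] = conn.group(1)      # media-level c= overrides it
        elif media:
            targets.append([media.group(1), session_addr, int(media.group(2))])
    return [tuple(t) for t in targets]

def nat_findings(sip_message, observed_src_ip):
    """Compare advertised RTP targets with the source IP the server actually saw."""
    findings = []
    for media, addr, port in sdp_media_targets(sip_message):
        if addr is None:
            continue                            # no usable IPv4 literal in SDP
        if any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS):
            findings.append((media, addr, port, "private-address"))
        elif addr != observed_src_ip:
            findings.append((media, addr, port, "differs-from-source"))
    return findings

if __name__ == "__main__":
    for finding in nat_findings(SAMPLE_INVITE, "203.0.113.7"):
        print(finding)
```

A `private-address` finding on the audio stream is the usual signature of one-way audio: the far end is being told to send RTP to an address it cannot route to.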

Resolving Problems with NAT and VoIP

A large number of attempts have been made to deal with the problems NAT traversal poses for VoIP. Some of them involve the client finding out its own public IP address by contacting a STUN server. Others try to ensure that the public IP address and port on which the SIP server receives audio from the SIP client are the same ones used to send media back. However, there should be a single standardized methodology for going about this in order to improve interoperability and reduce confusion. The problem is that there are so many different types of network topologies that a single method will not work.

A new protocol called ICE (Interactive Connectivity Establishment) aims to pull all these methods together and to standardize the techniques by which traversal methodologies are implemented. It consists of SIP clients sending a list of candidate public IP addresses at which they can receive RTP communications. SIP providers worldwide have achieved some measure of success with NAT traversal problems. Personally, I've been using SIP for a long time without any issues. Business VoIP services take care of these issues automatically. Contact your business phone system provider if you're having problems with one-way audio and ask them how they deal with NAT traversal problems in VoIP.